ICO call for views on a direct marketing code of practice 


CO. 


lntormation Commissioner's Office 


It is important that organisations ensure their marketing activities are compliant with data 
protection legislation (the General Data Protection Regulation and Data Protection Act 2018) 
and, where necessary, the Privacy and Electronic Communications Regulations 2003 (PECR). 


The new code of practice will build on our current direct marketing guidance and address the 
aspects of the new legislation relevant to direct marketing such as transparency and lawful 
bases for processing, as well as covering the rules on electronic marketing (for example 
emails, text messages, phone calls) under PECR. 


The European Union is in the process of replacing the current e-privacy law (and therefore 
PECR) with a new ePrivacy Regulation (ePR). However the new ePR is yet to be agreed and 
there is no certainty about what the final rules will be. Because of this we intend for the 
direct marketing code to only cover the current PECR rules until the ePR is agreed. Once the 
ePR is finalised and the UK position in relation to it is clear we will produce an updated 
version of the code which takes this into account as appropriate. 


Please send us your views by 24 December 2018. 


Privacy statement 


For this call for views we will publish responses received from organisations but will remove 
any personal data before publication. We will not publish responses from individuals. For 
more information about what we do with personal data please see our privacy notice. 


Q1 


Q2 


Q3 


Q4 


Q5 


Q6 


The code will address the changes in data protection legislation and the implications 
for direct marketing. What changes to the data protection legislation do you think we 
should focus on in the direct marketing code? 


Due to the more stringent definition of consent under the GDPR we find that more 
organisations rely on legitimate interest as their lawful basis to process personal 
data for direct marketing purposes. It would be useful for the direct marketing code 
to focus on the perimeters of legitimate interest and set out circumstances where it 
would be appropriate and inappropriate to rely on this lawful basis. 


Apart from the recent changes to data protection legislation are there other developments 


that are having an impact on your organisation’s direct marketing practices that you think 
we should address in the code? 


Yes 


No 


If yes please specify 


Direct marketing to individuals through social media platforms such as LinkedIn. 


We are planning to produce the code before the draft ePrivacy Regulation (ePR) is agreed. 
We will then produce a revised code once the ePR becomes law. Do you agree with this 
approach? 


Yes 


No 


If no please explain why you disagree 


Is the content of the ICO’s existing direct marketing guidance relevant to the marketing that 
your organisation is involved in? 


Yes 


No 


Q7 If no what additional areas would you like to see covered? 


Q8 Is it easy to find information in our existing direct marketing guidance? 


Yes 


No 


Q9 Ifno, do you have any suggestions on how we should structure the direct marketing code? 


Q10 Please provide details of any case studies or marketing scenarios that you would like 
to see included in the direct marketing code. 


Q1ii Do you have any other suggestions for the direct marketing code? 


About you: 


Q12 Are you answering these questions as: 
a public sector worker 
a private sector worker 
a third or voluntary sector worker 
a member of the public 
a representative of a trade association 
a data subject 
an ICO employee 


other 


If you answered other, please specify: 
Compliance Consultant 


Q13 Please provide the name of the organisation that you are representing: 
Claims Management Compliance Limited 


Q14 We may want to contact you about some of the points you have raised. If you are 
happy for us to do this please provide your email address: 


o claimsmanagementcompliance.co.uk 


